1. Field of the Invention
The present disclosure relates to a technology of misdiagnosis verification of a signature used for a malicious code diagnosis, and more particularly to technologies which derive a result of performance of a malicious code diagnosis simulation on a signature in a multi-user computer environment to use an actual client antivirus software and thus can overcome physical, spatial, and temporal limitations of conventional signature misdiagnosis verification by pre-distributing a preliminary application signature in a state where misdiagnosis verification has not been completed to a plurality of user computers to reflect the preliminary application signature to a malicious code diagnosis on files stored in the plurality of user computers and performing misdiagnosis verification on the preliminary application signature based on information collected in connection with a result of the diagnosis.
2. Description of the Prior Art
A method of diagnosing malicious code is largely divided into a diagnosis method using a signature and a diagnosis method using a code. While the diagnosis method using the code takes a lot of time and lacks speed, the diagnosis method using the signature can quickly respond. Accordingly, it is no exaggeration to say that 99% or more of malicious code diagnoses are performed using the signature.
A malicious code diagnosis method using such a signature generally uses one signature for several malicious codes, but diagnosis methods using a statistical technology diagnose scores to several thousands of malicious codes by using one signature.
In this case, a misdiagnosis rate caused by the diagnosis method using the signature may be low in terms of throughput but high in terms of frequency. Particularly, the diagnosis method using the signature has a misdiagnosis possibility in which the malicious code is misdiagnosed, that is, a normal file which is not the malicious code is diagnosed as the malicious code.
Accordingly, after the signature is made, a misdiagnosis verification process in which the signature is verified is performed. Most of existing companies that make the signature utilize a closed verification method (a verification method of performing verification in a closed laboratory) of gathering a plurality of white list files and testing/verifying the signature as the misdiagnosis verification process.
Such a closed verification method performs the misdiagnosis verification on only white list files, so that a white list quality problem may occur. Further, since it is difficult to indefinitely expand a storage capacity of the white list and it is impossible to collect and arrange all the files, it takes a lot of physical, spatial, and temporal costs and thus there is a limitation in the construction.
Accordingly, the present disclosure provides a broader verification method to overcome restrictions of the misdiagnosis verification method by the conventionally made signature.